This is the OpenBSD 3.1 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
For 2.3 errata, please refer here.
For 2.4 errata, please refer here.
For 2.5 errata, please refer here.
For 2.6 errata, please refer here.
For 2.7 errata, please refer here.
For 2.8 errata, please refer here.
For 2.9 errata, please refer here.
For 3.0 errata, please refer here.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the
OPENBSD_3_1
patch branch.
For more detailed information on install patches to OpenBSD, please
consult the OpenBSD FAQ.
All architectures
- 004: SECURITY FIX: May 22, 2002
Under certain conditions, on systems using YP with netgroups in the
password database, it is possible that
sshd(8)
does ACL checks for the requested user name but uses the password
database entry of a different user for authentication. This means
that denied users might authenticate successfully while permitted
users could be locked out.
A source code patch exists which remedies the problem.
- 003: SECURITY FIX: May 8, 2002
A race condition exists where an attacker could fill the file descriptor
table and defeat the kernel's protection of fd slots 0, 1, and 2 for a
setuid or setgid process.
A source code patch exists which remedies the problem.
- 002: SECURITY FIX: April 25, 2002
A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
A source code patch exists which remedies the problem.
- 001: SECURITY FIX: April 22, 2002
A local user can gain super-user privileges due to a buffer overflow
in sshd(8)
if AFS has been configured on the system or if
KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
A source code patch exists which remedies the problem.
i386
- No problems identified yet.
alpha
- No problems identified yet.
mac68k
- No problems identified yet.
sparc
- No problems identified yet.
sparc64
- No problems identified yet.
amiga
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
macppc
- No problems identified yet.
vax
- No problems identified yet.
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
For 2.3 errata, please refer here.
For 2.4 errata, please refer here.
For 2.5 errata, please refer here.
For 2.6 errata, please refer here.
For 2.7 errata, please refer here.
For 2.8 errata, please refer here.
For 2.9 errata, please refer here.
For 3.0 errata, please refer here.
www@openbsd.org
$OpenBSD: errata.html,v 1.393 2002/05/22 22:32:29 markus Exp $